Radiant Capital suffered a major cyberattack leading to losses exceeding $50 million, with the hack affecting smart contracts on both the Binance and Arbitrum networks.
Compromised Multisig
The incident was first detected by Ancilia Inc., which reported suspicious activity on a Radiant Capital smart contract on the BNB Chain. Hackers drained at least $18 million from the platform before spreading to liquidity pools on the Arbitrum network. Web3 security firm De.Fi explained that the attackers compromised a multisig, allowing them to upgrade the smart contracts and transfer funds. Hacken reported that funds were drained from various trading pools, including those containing cryptocurrencies like USDC, USDT, wBTC, wETH, among others. Spot On Chain disclosed that the protocol was exploited for $53 million, with hackers converting the stolen funds into ETH and BNB across two wallet addresses.
Radiant Capital’s Response
The DeFi platform confirmed the incident in an X post, stating awareness of suspicious activity affecting its lending markets on the Binance Chain and Arbitrum. It has suspended its markets on Ethereum and the network Base as a precaution while investigating the breach. Radiant is working with several Web3 security partners, including SEAL911, Hypernative, and Chainalysis, to resolve the issue and prevent further damage. The platform also urged users to revoke all permissions to its smart contracts.
Previous Exploits
This is the second major exploit the platform has faced this year. In January 2024, Radiant lost $4.5 million in an unrelated hack caused by a vulnerability in its smart contracts.
The cyberattack on Radiant Capital underscores the vulnerabilities within decentralized financial platforms. The organization is taking measures to address the situation and prevent future incidents.